20210512 Using Ansible to configure Podman containers is translated by DCOLIVERSUN
9.5 KiB
Using Ansible to configure Podman containers
Photo by Marta Markes on Unsplash
In complex IT infrastructure, there are many repetitive tasks. Running those tasks successfully is not easy. Human error always presents a chance of failure. With the help of Ansible, you can perform all of the tasks through a remote host executed with playbooks, and those playbooks can be reused as many times as you need. In this article you will learn how to install and configure Ansible on Fedora Linux, and how to use it to manage and configure Podman containers.
Ansible
Ansible is an open source infrastructure automation tool sponsored by Red Hat. It can deal with all the problems that come with large infrastructure, like installing & updating packages, taking backups, ensuring specific services are always running, and much more. You do this with a playbook which is written in YAML. Ansible playbooks can be used again and again, making the system administrator’s job less complex. Playbooks also eliminate repetitive tasks and can be easily modified. But we have many automation tools like Ansible, why use it? Unlike some other configuration management tools, Ansible is agentless: you don’t have to install anything on managed nodes. For more information about Ansible, see the Ansible tag in Fedora Magazine.
Podman
Podman is an open source container engine which is used for developing, managing and running container images. But what is a container? Every time you create any new application and deploy it either on physical servers, cloud servers or virtual machines, the most common problems which you face are portability and compatibility. This is where containers come into the picture. Containers virtualize at the OS level so they only contain required libraries and app services. The benefits of containers include:
- portabilty
- isolation
- scaling
- light weight
- fast boot up
- smaller disk and memory requirements
In a nutshell: when you build a container image for any application, all of the required dependencies are packed into the container. You can now run that container on any host OS without any portability and compatibility issues.
The key highlight of Podman is that it is daemon-less, and so does not require root privileges to run containers. You can build the container images with the help of a Dockerfile or pull images from Docker Hub, fedoraproject.org or Quay. For more information about Podman, see the Podman tag in Fedora Magazine.
Why configure Podman with Ansible?
Ansible provides a way to easily run repetitive tasks many times. It also has tons of modules for cloud providers like AWS, GCP, and Azure, for container management tools like Docker and Podman, and also for database management. Ansible also has a community (Ansible Galaxy) where you can find tons of Ansible roles created by contributors from all over the world. All of this makes Ansible a great tool for DevOps engineers and system administrators.
With DevOps, the development of applications is fast-paced. Developing applications which can run on any operating system is essential. This is where Podman comes into picture.
Installing ansible
First, install Ansible:
$ sudo dnf install ansible -y
Configuring ansible
Ansible needs ssh to work on managed nodes, so first generate a key pair.
$ ssh-keygen
Once the key is generated, copy the key to the managed node.
Enter yes and enter the password of the managed node. Now your managed host can be accessed remotely.
For ansible to access managed nodes, you need to store all hostnames or IP addresses in an inventory file. By default, this is in ~/etc/ansible/hosts.
This is what the inventory file looks like. Here square brackets are used to assign groups to some specific nodes.
[group1]
green.example.com
blue.example.com
[group2]
192.168.100.11
192.168.100.10
Check that all managed nodes can be reached.
$ ansible all -m ping
You should see output like this:
[mahesh@fedora new] $ ansible all -m ping
fedora.example.com I SUCCESS {
"ansibe_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[mahesh@fedora new] $
Now create your first playbook which will install Podman on managed nodes. First create a file with any name with .yml extension.
$ vim name_of_playbook.yml
The playbook should look something like below. The first field is name for the playbook. The hosts field is used to mention hostname or group name mentioned in inventory. become: yes indicates escalating privileges and tasks contain all the tasks that are going to execute, here name specifies task name, yum is module to install packages, below that specify name of package in name field and state is for installing or removing the package.
— – name: First playbook hosts: fedora.example.com become: yes tasks: – name: Installing podman. yum: name: podman state: present
Check for any syntax errors in the file.
$ ansible-playbook filename --syntax-check
Now run the playbook.
$ ansible-playbook filename
You should get output like this:
[mahesh@fedora new] $ ansible-playbook podman_installation.yml
PLAY [First playbook] *************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
0k: [fedora.example.com]
TASK [Installing podman] ************************************************************************************************
changed: [fedora.example.com]
PLAY RECAP *************************************************************************************************
fedora.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[mahesh@fedora new] $
Now create a new playbook which pulls an image from Docker Hub. You’ll use the podman_image module to pull the httpd image of version 2-alpine from Docker Hub.
---
- name: Playbook for podman.
hosts: fedora.example.com
tasks:
- name: Pull httpd:2-alpine image from dockerhub.
podman_image:
name: docker.io/httpd
tag: 2-alpine
Now check the pulled image.
[mahesh@fedora new] $ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd 2-alpine fa848876521a 11 days ago 57 MB
[mahesh@fedora new] $
Create a new playbook to run the httpd image. See the podman_container module documentation for more information.
---
- name: Playbook for podman.
hosts: fedora.example.com
tasks:
- name: Running httpd image.
containers.podman.podman_container:
name: my-first-container
image: docker.io/httpd:2-alpine
state: started
Check that the container is running.
[mahesh@fedora new] $ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
45d966eOe207 docker.io/library/httpd:2-alpine httpd-foreground 13 seconds ago Up 13 seconds ago my-first-container
[mahesh@fedora new] $
Now to stop the running container, change the state value from started to absent.
- name: Stopping httpd container.
containers.podman.podman_container:
name: my-first-container
image: docker.io/httpd:2-alpine
state: absent
When you run the podman ps command, you won’t see any containers running.
[mahesh@fedora new] $ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[mahesh@fedora new] $
There are so many things that are possible with podman_container like recreating containers, restarting containers, checking whether container is running or not and many more. See the documentation for information on performing these actions.
via: https://fedoramagazine.org/using-ansible-to-configure-podman-containers/